With unshare or lxc-execute I can create environments with separate network/mount/whatever namespaces. But starting programs there from outside is not really straightforward. Usually a network and sshd are used; I also use a UNIX socket with socat executing a shell to start new processes on it.

Is there already a program that allows starting applications inside unshares easily? The client program is expected to connect to a UNIX socket and send (SCM_RIGHTS) stdin/stdout/stderr to the server. The server is expected to be started inside the unshare and receive argv, environment and fds and start them.
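A minimal version of the client/server protocol sketched in the question, as an added example and not the poster's own code: argv and environment travel as NUL-separated fields in one SOCK_SEQPACKET message, with stdin/stdout/stderr attached via SCM_RIGHTS (Python's socket.send_fds/recv_fds, 3.9+). The wire format is an assumption of this example; the server would normally be started inside the unshare and listen on a bound UNIX socket, whereas here both ends share a socketpair so the demo runs in one process.

```python
import os
import socket
import subprocess

# Constructed wire format: "argc\0argv0\0argv1\0...\0KEY=VAL\0...".
def encode_request(argv, env):
    fields = [str(len(argv))] + list(argv) + [f"{k}={v}" for k, v in env.items()]
    return b"".join(f.encode() + b"\0" for f in fields)

def decode_request(payload):
    fields = payload.split(b"\0")[:-1]
    argc = int(fields[0])
    argv = [f.decode() for f in fields[1:1 + argc]]
    env = dict(f.decode().split("=", 1) for f in fields[1 + argc:])
    return argv, env

def send_request(sock, argv, env, fds):
    """Client side: ship argv/env plus stdin, stdout, stderr in one message."""
    socket.send_fds(sock, [encode_request(argv, env)], fds)

def serve_one(sock):
    """Server side (the process living inside the unshare): run one request."""
    payload, fds, _flags, _addr = socket.recv_fds(sock, 65536, 3)
    if len(fds) != 3:  # refuse anything but exactly stdin/stdout/stderr
        for fd in fds:
            os.close(fd)
        raise ValueError("expected exactly 3 fds (stdin, stdout, stderr)")
    argv, env = decode_request(payload)
    # A real server should check the peer (e.g. SO_PEERCRED) before this point,
    # since whoever can connect gets to run commands inside the namespace.
    proc = subprocess.run(argv, env=env, stdin=fds[0], stdout=fds[1], stderr=fds[2])
    for fd in fds:
        os.close(fd)  # the child has its own copies; drop the server's
    return proc.returncode

def demo():
    """Round trip over a socketpair: returns (exit status, captured stdout)."""
    client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_SEQPACKET)
    rd, wr = os.pipe()
    devnull = os.open(os.devnull, os.O_RDWR)
    send_request(client, ["/bin/sh", "-c", 'echo "hello from $WHO"'],
                 {"WHO": "ns"}, [devnull, wr, devnull])
    os.close(wr)
    os.close(devnull)
    rc = serve_one(server)
    client.close()
    server.close()
    out = os.read(rd, 4096)  # all writers are closed, so this is the full output
    os.close(rd)
    return rc, out.decode()
```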